Most people still choose bad passwords, probably because they depend on more web services than ever before.
LastPass, a publisher of password-management software, found in a study of the psychology of password behaviour that many people still reuse passwords across multiple accounts. This is dangerous: if an attacker compromises the credentials of one account, they can break into every other account that shares the same password. And that is just one of the many risks of poor password choices for online accounts.
LastPass found that while 92% of 3,750 respondents know that using the same password is a risk, 65% reuse passwords across multiple accounts. It also revealed that 45% of those polled had not changed their passwords in the past year, even after being affected by a data breach. Attitudes towards passwords also vary by application: while 68% of those surveyed would create stronger passwords for financial accounts, only 32% said they would create strong passwords for business accounts.
Most users create passwords built from personal information that may be publicly available, such as a birthday or a home address, the company said, noting that only 8% of those polled said that a strong password “should not be linked to personal information”.
With so many accounts to remember, it is perhaps unsurprising that too many people pick one password and use it for every account online.
For example, most people don’t know about password spraying, where attackers try common dictionary words against many online accounts and end up compromising a few of them. Cybercriminals use password spraying just as state-sponsored attackers do, because it works and it is cheap.
The company advises people to use “absurd sentences interspersed with numbers and symbols rather than individual words to make your passwords longer, stronger, and easier to remember while making them harder for hackers to crack”.
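The pattern described above, a few guesses spread across many accounts, is what makes spraying visible to a defender: failures fan out across usernames rather than piling up on one. The following is an added example of that detection logic, not code from the article or from LastPass. The log format, the sample lines and the thresholds (window, min_users, max_per_user) are constructed assumptions to be tuned per environment.

```python
"""Detect password spraying in authentication logs.

Added example, not code from the article or from LastPass. The log format
and the sample lines below are constructed for illustration; thresholds
(window, min_users, max_per_user) are assumptions to tune per environment.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source tries a guess across many accounts
# and gets into "frank"; a second source hammers a single account;
# a third is a user who mistyped once and then logged in.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z src=203.0.113.5 user=alice result=FAIL
2024-03-01T09:00:03Z src=203.0.113.5 user=bob result=FAIL
2024-03-01T09:00:05Z src=203.0.113.5 user=carol result=FAIL
2024-03-01T09:00:07Z src=203.0.113.5 user=dave result=FAIL
2024-03-01T09:00:09Z src=203.0.113.5 user=erin result=FAIL
2024-03-01T09:00:11Z src=203.0.113.5 user=frank result=OK
2024-03-01T09:01:00Z src=198.51.100.7 user=bob result=FAIL
2024-03-01T09:01:02Z src=198.51.100.7 user=bob result=FAIL
2024-03-01T09:01:04Z src=198.51.100.7 user=bob result=FAIL
2024-03-01T09:01:06Z src=198.51.100.7 user=bob result=FAIL
2024-03-01T09:01:08Z src=198.51.100.7 user=bob result=FAIL
2024-03-01T09:02:00Z src=192.0.2.9 user=alice result=FAIL
2024-03-01T09:02:10Z src=192.0.2.9 user=alice result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
        "src": m["src"],
        "user": m["user"],
        "ok": m["result"] == "OK",
    }


def detect_spraying(lines, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Return {source: [users]} for sources whose failures fan out across many accounts.

    A spray looks like many distinct usernames with only one or two failures
    each inside the window. A single-account brute force does not match this
    rule and is left to a separate per-account lockout control.
    """
    failures = defaultdict(list)  # src -> [(timestamp, user)]
    for line in lines:
        ev = parse_line(line)
        if ev and not ev["ok"]:
            failures[ev["src"]].append((ev["ts"], ev["user"]))

    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window start forward until it spans at most `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in events[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged[src] = sorted(per_user)
                break
    return flagged


def successful_logins_from(lines, sources):
    """List (source, user) for successful logins from flagged sources: the accounts to reset first."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev and ev["ok"] and ev["src"] in sources:
            hits.append((ev["src"], ev["user"]))
    return hits


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    sprayers = detect_spraying(lines)
    print("spraying sources:", sprayers)
    print("accounts to reset:", successful_logins_from(lines, sprayers))
```

The rule deliberately ignores the single-account brute force (198.51.100.7) and the one-off typo (192.0.2.9); those are handled by per-account lockout, which a spray is designed to stay under. A successful login from a flagged source is the actionable finding, since it identifies the account whose password was guessed.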
This advice is in line with the UK’s National Cyber Security Centre (NCSC) recommendation that people choose three random words to create a password.
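The two pieces of advice above, random words interspersed with numbers and symbols, and three random words, rest on the same idea: strength comes from how many equally likely choices the attacker has to try, which for a passphrase is set by the size of the list the words are drawn from. The following is an added example, not code from the article, LastPass or the NCSC; the word list is a small constructed sample, and the entropy function takes the real list size as a parameter.

```python
"""Random-word passphrases and a strength estimate.

Added example, not code from the article, LastPass or the NCSC. WORDS is a
small constructed list; passphrase_bits() takes the size of the real list
you draw from, because that size, not the words shown here, sets the entropy.
"""
import math
import secrets
import string

# Constructed sample list. Real generators draw from thousands of words
# (diceware-style lists have 7776); only the size of the list matters below.
WORDS = ["apple", "river", "cactus", "window", "marble", "pillow",
         "rocket", "candle", "forest", "button", "saddle", "lantern"]

SYMBOLS = "!@#$%&*-_+="


def passphrase_bits(num_words, dictionary_size):
    """Entropy of num_words words drawn uniformly (with replacement) from a list.

    This only holds when a random generator picks the words; words a user
    chooses because they are memorable carry far less entropy.
    """
    return num_words * math.log2(dictionary_size)


def random_password_bits(length, alphabet_size):
    """Entropy of a uniformly random character password, for comparison."""
    return length * math.log2(alphabet_size)


def generate_passphrase(num_words=3, words=WORDS, intersperse=True):
    """Join random words, optionally putting a random digit and symbol between them.

    With intersperse=False the separator is a plain hyphen so the result
    splits back into its words.
    """
    chosen = [secrets.choice(words) for _ in range(num_words)]
    if not intersperse:
        return "-".join(chosen)
    parts = [chosen[0]]
    for word in chosen[1:]:
        parts.append(secrets.choice(string.digits) + secrets.choice(SYMBOLS))
        parts.append(word)
    return "".join(parts)


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"3 words from a 7776-word list: {passphrase_bits(3, 7776):.1f} bits")
    print(f"8 random characters from 62:   {random_password_bits(8, 62):.1f} bits")
```

Three words from a 7776-word list give about 39 bits, a little under a fully random 8-character alphanumeric password (about 48 bits); four words give about 52 bits and are still far easier to remember. The `secrets` module is used rather than `random` because the latter is not a cryptographic generator.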
The agency also believes that people who do not want to use password-management software can write a password down on paper, since paper is offline.
Microsoft is trying to make the world password-less by letting users remove passwords as a sign-in method, using standards such as FIDO2 and hardware that supports Windows Hello biometric authentication. Two-factor authentication can also strengthen protection, so that attackers need more than just a password to access a service.
But even with advances like these, plenty of services are still secured by nothing but a password, which means choosing one wisely still matters.